Wireguard initial config

Post by Illiander » Tue Oct 14, 2025 8:24 am

I'm trying to set up Wireguard with ProtonFreeVPN, and it's generally not working.

I'm not sure where to go to even start with debugging, so I'm asking for help.

wg1.conf (renamed because otherwise wg-quick complains about naming):

Code:

[Interface]
# Key for temp2
# Bouncing = 2
# NAT-PMP (Port Forwarding) = off
# VPN Accelerator = on
PrivateKey = {key}
Address = 10.2.0.2/32
DNS = 10.2.0.1

[Peer]
# CA-FREE#11
PublicKey = {key}
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 149.22.81.28:51820

What I've tried to see if it's working:

Code:

~ # ping www.google.com
ping: www.google.com: Temporary failure in name resolution
# ping 151.101.193.140
PING 151.101.193.140 (151.101.193.140) 56(84) bytes of data.
^C
--- 151.101.193.140 ping statistics ---
16 packets transmitted, 0 received, 100% packet loss, time 15207ms

~ # ping 4.4.4.4
PING 4.4.4.4 (4.4.4.4) 56(84) bytes of data.
^C
--- 4.4.4.4 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3040ms

~ # ping 10.2.0.1
PING 10.2.0.1 (10.2.0.1) 56(84) bytes of data.
64 bytes from 10.2.0.1: icmp_seq=1 ttl=64 time=157 ms
64 bytes from 10.2.0.1: icmp_seq=2 ttl=64 time=157 ms
64 bytes from 10.2.0.1: icmp_seq=3 ttl=64 time=157 ms
^C
--- 10.2.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 156.853/157.008/157.286/0.197 ms
~ # ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
^C
--- 1.1.1.1 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1006ms

151.101.193.140 responds to ping with the wg interface down (it's a Reddit server).
4.4.4.4 is a Google DNS.
1.1.1.1 is a Cloudflare DNS.

What should I even be looking at to figure this out?
Post by alamahant » Tue Oct 14, 2025 9:41 am

Is this how you use it?

Code:

rc start wg-quick
Starting wg-quick...
 * You cannot call this init script directly. You must create a symbolic link to it with the configuration name:
 *     ln -s /etc/init.d/wg-quick /etc/init.d/wg-quick.vpn0
 * And then call it instead:
 *     /etc/init.d/wg-quick.vpn0 start
 * ERROR: wg-quick failed to start

Or directly by calling

Code:

wg-quick up wg1.conf

In any case, if all else fails, try to comment out the DNS line in the config file and use 1.1.1.1 in resolv.conf.
What I like to do is download the conf files from my Proton account and invoke them directly.
Not as a service.
:)
Post by Illiander » Tue Oct 14, 2025 10:40 am

I'm calling it directly. Not going to add it to runlevels until it's actually working. ("wg-quick up wg1")

This is the file downloaded directly from Proton. (It was the least "in-use" Canadian server as of some time this morning)

Tried commenting out the DNS line, pinged 1.1.1.1, still 100% packet loss.
Post by pingtoo » Tue Oct 14, 2025 1:17 pm

Illiander,

Have you looked into your firewall settings (iptables)? It is likely you have settings that allow outgoing traffic but do not allow it to come back.
Post by Illiander » Tue Oct 14, 2025 4:45 pm

I don't think so?

Code:

# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

I think that means my firewall is wide open? Would router firewall settings cause issues?

I assumed that incoming would be blocked by default, and I've not touched this ever. (Default being wide open feels like a bug to me, but there's probably a good reason for it)
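
An added example, not posted by anyone in this thread: the script below reads the output of `wg show <interface> dump` and reports, per peer, whether a handshake has ever completed and how recent it is, which separates a tunnel that never came up from one that is up while traffic beyond it is lost. The function names `wg_peer_state` and `sample_dump`, the 180-second staleness threshold and the sample data are assumptions made for the example.

```shell
#!/bin/sh
# Added example: classify each peer from `wg show <iface> dump` (tab-separated, wg(8)).
# Peer fields: public-key, preshared-key, endpoint, allowed-ips,
#              latest-handshake (epoch seconds, 0 = never), rx bytes, tx bytes, keepalive.
# Live use: wg show wg1 dump | wg_peer_state "$(date +%s)"
wg_peer_state() {
    now=$1
    max_age=${2:-180}   # assumption: a handshake older than this counts as stale
    awk -F '\t' -v now="$now" -v max_age="$max_age" '
        NF == 4 { next }                          # first line = the interface itself
        NF != 8 { print "unparsed-line"; next }   # not a peer record
        {
            hs = $5 + 0
            # Does this peer claim the IPv4 default route, as in the posted config?
            scope = (index("," $4 ",", ",0.0.0.0/0,") > 0) ? "default-route" : "split"
            if (hs == 0)                 state = "no-handshake"
            else if (now - hs > max_age) state = "stale-handshake"
            else                         state = "tunnel-up"
            printf "%s %s %s rx=%s tx=%s\n", $3, scope, state, $6, $7
        }'
}

# Constructed sample dump: keys are placeholders, 192.0.2.x endpoints are made up.
sample_dump() {
    printf 'PRIVKEY\tPUBKEY\t51820\t0xca6c\n'
    printf 'PEER_A\t(none)\t149.22.81.28:51820\t0.0.0.0/0,::/0\t1700000000\t4096\t8192\toff\n'
    printf 'PEER_B\t(none)\t192.0.2.10:51820\t10.0.0.0/24\t0\t0\t1480\toff\n'
    printf 'PEER_C\t(none)\t192.0.2.11:51820\t0.0.0.0/0\t1699990000\t512\t2048\t25\n'
}

sample_dump | wg_peer_state 1700000060
```

A peer reported as `tunnel-up` while public addresses still time out points away from keys and endpoint and toward routing, so `ip rule show` and `ip route show table all` are the next things to read.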